
The Social-Engineer Toolkit

As with other SET attack methods, attackers can use a variety of payloads. The default reverse Meterpreter payload is usually an excellent selection. For this scenario, you can simply select the defaults when prompted for the encoder to use and the port to use to reconnect.

With the configuration complete, SET launches Metasploit:

resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 10.10.1.112:443
[*] Starting the payload handler...
msf exploit(handler) >

SET passes all necessary options to Metasploit, which then sets up the reverse Meterpreter listener on port 443.
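The handler above borrows port 443, the port browsers use for HTTPS, so that the outbound connection from the victim blends in with normal web traffic. A genuine HTTPS session always begins with a TLS ClientHello; a plain-TCP reverse payload that merely reuses the port number does not, and that mismatch is one of the simplest things a network defender can alert on. The following is an added example for readers on the defensive side, not code from the book, from SET or from Metasploit. It assumes the default reverse payload connects back over plain TCP (a TLS-wrapped payload would pass this check, so treat it as a triage signal rather than a complete control), and every flow and byte string in it is constructed; the 10.10.1.112 destination simply reuses the listener address shown in the handler output above.

```python
from dataclasses import dataclass
from typing import Iterable, List

TLS_HANDSHAKE_RECORD = 0x16   # TLS record-layer content type "handshake"
TLS_CLIENT_HELLO = 0x01       # handshake message type "client_hello"


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """True if the client's first bytes start a TLS handshake record carrying a ClientHello.

    Record layout: type(1) | version major 0x03 (1) | version minor (1) |
                   record length (2) | handshake message type (1) ...
    Version minor 0x00..0x04 covers the record-layer versions SSL 3.0 through TLS 1.3.
    (An SSLv2-compatible ClientHello would not match; modern browsers no longer send one.)
    """
    if len(first_bytes) < 6:
        return False
    ctype, vmaj, vmin, _, _, htype = first_bytes[:6]
    return (ctype == TLS_HANDSHAKE_RECORD and vmaj == 0x03
            and vmin <= 0x04 and htype == TLS_CLIENT_HELLO)


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_bytes: bytes   # first client-to-server payload bytes of the TCP session


def flag_non_tls_on_443(flows: Iterable[Flow]) -> List[str]:
    """Return one alert line per session to TCP/443 whose first client bytes are not a TLS ClientHello."""
    alerts: List[str] = []
    for f in flows:
        if f.dport == 443 and not looks_like_tls_client_hello(f.first_bytes):
            alerts.append(
                f"{f.src} -> {f.dst}:{f.dport} non-TLS payload on HTTPS port, "
                f"first bytes {f.first_bytes[:8].hex()}"
            )
    return alerts


# Constructed sample flows (not real captures). 10.10.1.112 reuses the listener
# address from the handler output on this page; everything else is made up.
SAMPLE_FLOWS = [
    # Normal browser session: TLS record header with a ClientHello inside.
    Flow("10.10.1.50", "10.10.1.200", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    # Arbitrary non-TLS bytes sent straight to the handler's port: flagged.
    Flow("10.10.1.51", "10.10.1.112", 443, b"\x00\x01\x00\x08\xde\xad\xbe\xef"),
    # Plain HTTP on port 80 is outside the scope of this check.
    Flow("10.10.1.52", "10.10.1.200", 80, b"GET / HTTP/1.1\r\n"),
    # Cleartext HTTP on 443 is also "not TLS" and is flagged.
    Flow("10.10.1.53", "10.10.1.200", 443, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for line in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(line)
```

Run against the constructed flows, the check raises two alerts: the raw connection to 10.10.1.112:443 and the cleartext HTTP request on 443; the genuine TLS session and the port-80 request pass. In a real deployment the `first_bytes` field would come from a sensor such as a packet capture or a flow log that preserves the first payload bytes.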

NOTE
You have created a web server housing a cloned instance of http://www.secmaniac.com/. If you had changed the configuration file to include WEBATTACK_EMAIL=ON, you would have been prompted to send an email using the spear-phishing attack vector (minus attachments).

Now that everything is set up, you simply need to get a target to browse to the malicious site. Upon reaching the website, the target sees a pop-up warning from the publisher, Microsoft, as shown in Figure 10-2. If the target clicks Run, and most users will, the payload will be executed, and you gain full control of the user’s system.

NOTE
Recall that SET’s configuration can self-sign the Java applet with whatever you want. Remember, too, that when the target clicks Run and the payload is executed and delivered, the target is redirected to the legitimate SecManiac website.

Figure 10-2: Java applet prompt